所有博客

How Web3 penetration testing secures smart contracts, wallets, and infrastructure through real-world attack simulation, standardized methodologies, and actionable remediation.

Gate's Web3 Wallet now displays CertiK Skynet Scores directly within its Earn product pages, giving users on-chain security intelligence at the point of investment decision-making.

The rapid adoption of OpenClaw, a popular open-source autonomous AI agent framework, reflects a broader shift toward AI-driven assistants. However, the widespread integration of this framework introduces critical security risks that may lead to unauthorized actions, data exposure, and system compromise.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

Security infrastructure is becoming a common bottleneck in VASP licensing. This guide covers what regulators evaluate, the documentation gaps that trigger follow-up cycles, and a practical sequencing framework to get ahead of them.

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

OpenClaw is an open-source, self-hosted personal AI agent platform designed to run on a user’s local machine or server. It supports long-term memory, autonomous operation, integration with mainstream LLMs, and remote control through messaging platforms like Telegram.

Crypto ATM fraud is one of the fastest-growing financial crime categories in the United States. Criminal organizations exploit the speed and pseudonymity of crypto kiosks to extract funds from vulnerable populations at an accelerating pace. In the Skynet Crypto ATM Fraud Report, we discuss types of crypto ATM attacks, global statistics, attacker profiles, key enforcement actions, detection and mitigation strategies, and recommendations to protect against these types of fraud.

For years, the industry has struggled with this exact question. In this article, we are going to dive deep into an emerging privacy solution: zERC20. zERC20 is a pragmatic, immediate implementation of a concept known as plausible deniability (originally proposed in EIP-7503), which means the cryptographic evidence of an action equally supports a completely innocent explanation. For zERC20, depositing funds into the privacy protocol is mathematically indistinguishable from a user accidentally sending tokens to a dead address.

When an institution sends digital assets to an address provided by a counterparty, it is relying on the counterparty's claim that they control it. The blockchain will settle the transaction regardless of who is on the other end. This gap between how institutions want to use digital assets and what the compliance infrastructure can actually verify is becoming harder to ignore as more regulated capital moves on-chain.

CertiK has completed an independent Proof of Reserves (PoR) audit for Gate Technology FZE, the Dubai-based entity of the Gate Group. Gate Dubai exchange is licensed by the Virtual Assets Regulatory Authority (VARA). The audit verified that the platform's on-chain reserves fully back its user liabilities across all in-scope assets as of December 31, 2025.

An overview of regulatory developments in the United States in February 2026, including the Senate Banking draft, GENIUS Act implementation, and the SEC “Task Force” transition.